Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

osv
osv

Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS

6.8AI Score

0.0004EPSS

2024-06-13 06:31 PM
2
impervablog
impervablog

Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats

Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has...

7.5AI Score

2024-06-13 04:15 PM
1
osv
osv

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7AI Score

0.0004EPSS

2024-06-13 04:15 PM
1
osv
osv

CGA-qwcg-8rgg-jfqm

Bulletin has no...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-qxv7-23p6-xhwj

Bulletin has no...

6.4AI Score

0.0004EPSS

2024-06-13 04:06 PM
1
osv
osv

CGA-hfq8-fhqg-qhqx

Bulletin has no...

7.2AI Score

2024-06-13 04:06 PM
osv
osv

CGA-fcwq-p8wm-vvr9

Bulletin has no...

6.3AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-qhxx-m9vp-c3pr

Bulletin has no...

6.3AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-pq49-565p-4jxc

Bulletin has no...

6.4AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-98x5-2cwf-6r85

Bulletin has no...

7.2AI Score

2024-06-13 04:06 PM
osv
osv

CGA-5xwc-hffc-phx4

Bulletin has no...

7.2AI Score

2024-06-13 04:04 PM
1
osv
osv

CGA-28jv-3vhj-mh4f

Bulletin has no...

6.4AI Score

0.0004EPSS

2024-06-13 04:04 PM
osv
osv

CGA-q69c-3f5g-xcrc

Bulletin has no...

6.3AI Score

0.0004EPSS

2024-06-13 04:04 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
osv
osv

CVE-2024-37306

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-13 03:15 PM
osv
osv

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-13 03:15 PM
1
osv
osv

h2database vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-42392) It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

9.8CVSS

7.9AI Score

0.518EPSS

2024-06-13 02:44 PM
osv
osv

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

7.7AI Score

0.0004EPSS

2024-06-13 02:15 PM
osv
osv

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 02:15 PM
1
thn
thn

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a...

7.5AI Score

2024-06-13 01:55 PM
malwarebytes
malwarebytes

Update now! Google Pixel vulnerability is under active exploitation

Google has notified Pixel users about an actively exploited vulnerability in their phones' firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability,...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 01:33 PM
2
osv
osv

vte2.91 vulnerability

Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume resources, leading to a denial of...

7.1AI Score

0.0004EPSS

2024-06-13 12:35 PM
ics
ics

Siemens TIM 1531 IRC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
1
ics
ics

Siemens SIMATIC and SIPLUS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.9AI Score

EPSS

2024-06-13 12:00 PM
1
ics
ics

Siemens SCALANCE XM-400, XR-500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
1
securelist
securelist

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

6.4CVSS

8.2AI Score

0.001EPSS

2024-06-13 10:00 AM
3
osv
osv

Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that.....

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-13 09:31 AM
1
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
13
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
1
osv
osv

virtuoso-opensource vulnerabilities

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611,...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-13 08:32 AM
cvelist
cvelist

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 08:31 AM
3
vulnrichment
vulnrichment

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 08:31 AM
vulnrichment
vulnrichment

CVE-2024-26066 AMS XSS - /libs/cq/analytics/components/sitecatalystpage/content.jsp (6.5.18 retest - bypass 1967687)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.3AI Score

0.0005EPSS

2024-06-13 07:52 AM
cvelist
cvelist

CVE-2024-26066 AMS XSS - /libs/cq/analytics/components/sitecatalystpage/content.jsp (6.5.18 retest - bypass 1967687)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

0.0005EPSS

2024-06-13 07:52 AM
vulnrichment
vulnrichment

CVE-2024-36164 AMS XSS - /libs/cq/analytics/components/reporting/reportrankedlist/chart.js.jsp

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-13 07:52 AM
cvelist
cvelist

CVE-2024-36164 AMS XSS - /libs/cq/analytics/components/reporting/reportrankedlist/chart.js.jsp

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

0.0004EPSS

2024-06-13 07:52 AM
thn
thn

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related....

7.8CVSS

8.4AI Score

0.213EPSS

2024-06-13 07:08 AM
1
mscve
mscve

Chromium: CVE-2024-5847 Use after free in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
4
mscve
mscve

Chromium: CVE-2024-5834 Inappropriate implementation in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
3
mscve
mscve

Chromium: CVE-2024-5838 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
5
mscve
mscve

Chromium: CVE-2024-5831 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
2
mscve
mscve

Chromium: CVE-2024-5840 Policy Bypass in CORS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
4
mscve
mscve

Chromium: CVE-2024-5846 Use after free in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
2
mscve
mscve

Chromium: CVE-2024-5841 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
2
mscve
mscve

Chromium: CVE-2024-5833 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
3
mscve
mscve

Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
2
mscve
mscve

Chromium: CVE-2024-5845 Use after free in Audio

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
2
mscve
mscve

Chromium: CVE-2024-5843 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
1
mscve
mscve

Chromium: CVE-2024-5830 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.0004EPSS

2024-06-13 07:00 AM
3
Total number of security vulnerabilities303833